Hi, I have been hacking on a feature that instead of using a static password when connecting to the psql server executes a subprocess which prints a temporary auth token to stdout.
This is to make the workflow more bearable when using AWS RDS with iam authentication. aws-iam auth tokens are generated with the ASW cli, used as sql password, and expires after 15 minutes. That means that any reconnects after that time will fail – and not in a way that spawns any password dialog (“FATAL: PAM authentication failed”). I’m thinking of the feature like an addition to “passfile”, lets call it “passexec”. 2 new (advanced?) server settings: * passexec cmd line * passexec expiry minutes If last passexec is older than expiry, a new invocation result is used – basically an expiring cache. I think this would benefit the pgadmin community – would you be interested in a PR? /Elias
